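$seenSessionUse) {
    // NOTE(review): the start of this condition is above the visible part of
    // the file, so the statements in this branch are left exactly as written.

    $ts = $otpinfo['timestamp'];
    // Rebuild the previously stored timestamp from its high part and its
    // 16-bit low part.
    $seenTs = ($ad['high'] << 16) + $ad['low'];
    $tsDiff = $ts - $seenTs;
    // Token-side elapsed time, scaled by TS_SEC (logged below as "secs").
    $tsDelta = $tsDiff * TS_SEC;

    //// Check the real time
    //
    $lastTime = strtotime($ad['accessed']);
    $now = time();
    $elapsed = $now - $lastTime;
    $deviation = abs($elapsed - $tsDelta);
    // NOTE(review): $elapsed is 0 when the stored access time falls in the
    // current second. The division then raises a warning on older PHP
    // versions and throws DivisionByZeroError on PHP 8, so the request can
    // end without a signed response. Guard $elapsed before dividing.
    $percent = $deviation/$elapsed;
    debug("Timestamp seen=" . $seenTs . " this=" . $ts .
          " delta=" . $tsDiff . ' secs=' . $tsDelta .
          ' accessed=' . $lastTime .' (' . $ad['accessed'] . ') now='
          . $now . ' (' . strftime("%Y-%m-%d %H:%M:%S", $now)
          . ') elapsed=' . $elapsed .
          ' deviation=' . $deviation . ' secs or '.
          round(100*$percent) . '%');
    // The OTP is flagged only when BOTH the absolute and the relative
    // tolerance are exceeded.
    if ($deviation > TS_ABS_TOLERANCE && $percent > TS_REL_TOLERANCE) {
        debug("OTP failed phishing test");
        // The failure is enforced only when $ad['chk_time'] is truthy.
        // Otherwise it is just logged and execution continues to the
        // sendResp(S_OK) call below.
        if ($ad['chk_time']) {
            sendResp(S_DELAYED_OTP);
            exit;
        }
    }
}

sendResp(S_OK);

//////////////////////////
//      Functions
//////////////////////////

/**
 * Write the signed verification response to the output stream.
 *
 * The body consists of "h", "t" and "status" lines, each terminated by CRLF,
 * followed by an empty line. The signature h is computed by sign() over the
 * response array using the global $apiKey.
 *
 * @param mixed $status Status code to report. Any value loosely equal to
 *                      null (null, '', 0, false) is replaced by
 *                      S_BACKEND_ERROR.
 * @param mixed $info   Currently unused: the assignment into the response
 *                      array is disabled, so no "info" line is emitted.
 */
function sendResp($status, $info = null) {
    global $apiKey;

    if ($status == null) {
        $status = S_BACKEND_ERROR;
    }

    // Start from an explicit array so only the fields set here get signed.
    $a = array();
    $a['status'] = $status;
    // Disabled in the original. If it is re-enabled it must stay above the
    // sign() call, otherwise the info line would be sent without being
    // covered by the signature.
    #$a['info'] = $info;
    $a['t'] = getUTCTimeStamp();
    $h = sign($a, $apiKey);

    echo "h=" . $h . "\r\n";
    echo "t=" . ($a['t']) . "\r\n";
    echo "status=" . ($a['status']) . "\r\n";
    // isset() avoids reading an undefined array key while 'info' is unset.
    if (isset($a['info']) && $a['info'] != null) {
        echo "info=" . ($a['info']) . "\r\n";
    }
    echo "\r\n";

} // End sendResp

/**
 * Store the latest counters and timestamp halves for one yubikeys row and
 * set its accessed column to NOW().
 *
 * Every value is placed unquoted into the SQL text, so each one is cast to
 * an integer here. That keeps the statement well-formed and stops any
 * non-numeric content from reaching the query string.
 *
 * @param mixed $id              Row id used in the WHERE clause. Assumed to
 *                               be an integer key (TODO confirm against the
 *                               schema).
 * @param mixed $session_counter Value written to the counter column.
 * @param mixed $session_use     Value written to the sessionUse column.
 * @param mixed $ts_high         Value written to the high column.
 * @param mixed $ts_low          Value written to the low column.
 */
function updateDB($id, $session_counter, $session_use, $ts_high, $ts_low) {
    $stmt = 'UPDATE yubikeys SET ' .
        'accessed=NOW(),' .
        'counter=' . (int) $session_counter . ',' .
        'sessionUse=' . (int) $session_use . ',' .
        'low=' . (int) $ts_low . ',' .
        'high=' . (int) $ts_high .
        ' WHERE id=' . (int) $id;
    // NOTE(review): the result of query() is not checked here. If the update
    // fails, the stored counters stay stale. Confirm that query() reports
    // errors itself.
    query($stmt);
}

?>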